comparing 187b47bbc28620ad876f1c2ea13db50d82dba674 and main on soopy.moe/gensokyo

.gitignore

+10 -6

creds/sops/koumakan/default.yaml

···

       64
       64
        
           signing_key:

     

       65
       65
        
               v1: ENC[AES256_GCM,data:Oc1E2MNzUgRZvXm54HmumhomF3M7LIHQl1u/Jta8cdOKmZgB5jSzv8aUeaKa1SOGCtIfVSbsJb7ijKTULtrWOkge6SBtiNYkOAKlvDGXWhChAO4GRFrMyeJgjLFWgY7+OKFicNQwU3uLPA==,iv:j25ZwWmzt7r53CVxJkGia8tSpIUQD7UecQElM+JDJ3w=,tag:zxSvJV3qfius+QwBYbgNrw==,type:str]

     

       66
       66
        
           s3:

     

       67
       67
       -
               key_id: ENC[AES256_GCM,data:ONhytMHluXYgZw0hErBid5PmD+o=,iv:j6NPjLPIPN3rNs/RSDoqhYqGaZ11ZZwyM3Q4SoXviKY=,tag:oc+L6+TwAy/OLKQVfZsdww==,type:str]

     

       68
       68
       -
               key_secret: ENC[AES256_GCM,data:41QIwGRJP3Pw2fsYgZIG3wk6GLCy3EeJszwM+kdGrjriIfCXs6D45g==,iv:sWMgzhIh9VnBbiuv1jg+ZIfolHtuaxamthp3OKwOVgc=,tag:JLIHG5f4tdjaJxP5Il+nFA==,type:str]

     

       67
       67
       +
               key_id: ENC[AES256_GCM,data:lC3XCy3hKsMoJORqYO16Y12GpuTQu40gVhY=,iv:MZkDjjvWCCNjGtKlzBDfa7lXLC08HU/Q+2oNHkbaNok=,tag:jLS45EwjUg55/XjH6QRyPw==,type:str]

     

       68
       68
       +
               key_secret: ENC[AES256_GCM,data:YHaIympdF4eJ/e1APFp/9+3fgNRwqNP/6tATkXUYWW3yIQQof0/wfipJYkOTnBMK06/F6hQdYMLX5AswaXpfog==,iv:x+iY6uli9wn9WskfhAB0JCApj0XoD5G4I9RJWxkGf9o=,tag:5Vg9CJkzD0OR4vaTYwoMEQ==,type:str]

     

       69
       69
        
       wastebasket:

     

       70
       70
        
           key: ENC[AES256_GCM,data:tvlRsZkX+jrJWJXXxBcFnZtweaiK6V+1YV6evN2ppu14I7h4vPOOTpqav9lvzol5y8PwJ98Uw1kXFUZWTZfUda204aK1G0o4n8OS/Q403xrWzouusUI+06Jm91L75a9+/M3ql5/sQOtR0/gTMAN/10gEcTSJGnCQQVy9MDe76ppkmXnp+Bk919S8qhh3kIJ2brRnZ98RmejpJsJKG/2D10e4k9pA8uiN4vhhWg==,iv:CBzRc7Oltetqo29M29cuUr6aI/Hu5tHkbRLInDFCRzc=,tag:m7GR8ZG7ymFhQRQfQIdodw==,type:str]

     

       71
       71
        
       zipline:

     

       72
       72
        
           core:

     

       73
       73
        
               secret: ENC[AES256_GCM,data:9Yro0dKRoW/q3nAJeBi2/DBVzq2l9Q8cNjg+ZlDf/ssn1oDNnxeBtW6C+VpChUssP59behc7NQAdEH1XnhE/5YITiRw0SpMclLBDO74KmSmfhoGvQBDWU0rRQqHoSg/8WpDJcVUs9iIU2LzUoKf2ZAPqRzS9IdegaKQA8l2djsgW1Io6fGeUAH7UdLh+QTYhRzhga0vRInDcRbm9dzrRW8rB41ff9Tsm++hYCA==,iv:loOALkfZFg0sd9t0k6XR5ckV0ix5Oda9X3H+7bnA2xs=,tag:NL+gyDxW5fS0TmYtiB6HLw==,type:str]

     

       74
       74
        
           s3:

     

       75
       75
       -
               access_key: ENC[AES256_GCM,data:dwV+xA+2MYAizNMuHZptqDFv62s=,iv:MDmcEGAA3gdhDBA4ie4A5nlBwJElek/7qSvzFrGP9FI=,tag:pDIU8LTNagJrVwPw700XQQ==,type:str]

     

       76
       76
       -
               access_secret: ENC[AES256_GCM,data:ID9NA21++yUNmF/UGWudyxXuZXbMPfViGnariYe8H06aKZias9OK2A==,iv:PMXdLwkz+JpBJ0ZrVwaUdcqDxew/+Yv9AbVrX1EUfWE=,tag:4puu4oyZVGdfvaZpkdKFFQ==,type:str]

     

       75
       75
       +
               access_key: ENC[AES256_GCM,data:G1aUG9dvjedUTcSVytuaR/ZevFtoiEokEd0=,iv:N7rBB3O6l36IaAk5tAKRCNxxRlvKmj52nbIqFFirwDQ=,tag:3vt5Sj2yTie8K7Qsc6jY4g==,type:str]

     

       76
       76
       +
               access_secret: ENC[AES256_GCM,data:6oFbU/0g+P6MTmvenjmjshet1wZ0FPfA5PYvHLZqIM14IdAntIo5rdFuntgxXDjPeFLiq6tEzMfqX/cONITXKg==,iv:fVoxMAj+xSOlp3MWtQ48TA62+L4UGxMFnJUIyFaYYxY=,tag:/1gV4TfE/kOV7CvRbpqPUw==,type:str]

     

       77
       77
        
       minio:

     

       78
       78
        
           root_user: ENC[AES256_GCM,data:q+w4FgnCA2QxWsxM,iv:NojzSMmZ2yq7VyPn7fOYauLpgMOE0NGCyTUQ6slGN2Q=,tag:5FfjO4KH8XfLuymxDgV2iA==,type:str]

     

       79
       79
        
           root_pass: ENC[AES256_GCM,data:oh/VQDU1dR9YLribrhZeVJxMoY9/7Ri8bloM650j6Ut/vHF6BB4NYY94RngkBYRVkHplF9oKx+Ey13kMyIPvC+EvPczoWKCHJ4pJqq3GgWigFp7ufUDdvY4hBjW7SU7fk0wYOjZYH2JlLqjmU0MsVKSqt66Rq9Si0MU7VACNrJzYDe6KbCbL/YT3DmTvBpPR6ysLCE525rH7Tg2LVyn775Si+vo+KGC5gqGMlw==,iv:8pbJMeuDIcvkI8Uda30i8ote/PRUSSAmaua22gQmbHc=,tag:6hNvVytKXbjrKZMKkQ5pEA==,type:str]

     
···

       85
       85
        
       pocket-id:

     

       86
       86
        
           encryption_key: ENC[AES256_GCM,data:aSWSWrd1dR6NpwLJE3Je4j6bnBMq7QFD8VX6u4XIKqFq3shwuM/fZitblSfVX92UdDFZnsZyRiAf57rH/9PB+saoOcdSUkC/rTYO0iGFLQLcOiSMfBdyKA==,iv:ZlCrKpT8LrcqDK7uCr1m8vp+reCdwcG6KhxFQsB+KqY=,tag:+MvOEXBnUP5QleY5f6kbuA==,type:str]

     

       87
       87
        
           maxmind_key: ENC[AES256_GCM,data:KfGuV+GbrZhDSDovV7eHu7nffOB6j+z6wsXQxlaEB/7tvwucn2wbxA==,iv:+t5nNpRE/x1cSZ+Ee6fHj5x1vKqTP/6NGqiUlhdzTxs=,tag://rUceu5SeIpgKGiP6+Pkw==,type:str]

     

       88
       88
       +
       garage:

     

       89
       89
       +
           rpc_secret: ENC[AES256_GCM,data:SYD8U1FLutpeX/zE8wWgUf3MPDQuS2rEx6loF8m0U1rolz6S7ynt98tUh04t1cFGon405bsCCqJeSesIgBAWjA==,iv:Vde1d+ap/hVRxPs3hgB+avS3s2cWRDGilqI7Odktgho=,tag:t9co728BfgQ78tfG8V93JA==,type:str]

     

       90
       90
       +
           admin_token: ENC[AES256_GCM,data:in/UjRG4jehvI0kjfD3TvheWN+7NNmU4GRuXEqBZocyd1E0NqP6DKxhpG6M=,iv:yTA4dQd36ou3gs6UGrsuONJzQ8DNTIsOi765GZIIaQI=,tag:HD401PZLEOaPNszV/04jJQ==,type:str]

     

       91
       91
       +
           metrics_token: ENC[AES256_GCM,data:BZ3TN+ubxwHNi8QZP+TmdVgcL88UzwDsv8Lema2ClxqYRZFddaQg2RIHHIM=,iv:k7xyeyzZiMK3R/Gr/f+8uN8zFOUJaaQ99AILoKMYa/c=,tag:mJhPxEjMKOjb/Z0KnGzN4w==,type:str]

     

       88
       92
        
       sops:

     

       89
       93
        
           age:

     

       90
       94
        
               - recipient: age1l3qxt6630dzesdclfm3eqgw3uuhwj09dh6typwlwr6clcv0qhfrqgtj2fk

     
···

       114
       118
        
                   QUlVNExmVGd2QXJwVmRGa0JvMmtocEUK7Zo0Mtj3oZm5Etp61cGbLs+2XP97pjR6

     

       115
       119
        
                   rtfHnuxceJj0+yBugfwgFD1TGJ+6M7z5YCwTx+GAvbPDrmSm2TGrwg==

     

       116
       120
        
                   -----END AGE ENCRYPTED FILE-----

     

       117
       117
       -
           lastmodified: "2025-10-13T08:42:55Z"

     

       118
       118
       -
           mac: ENC[AES256_GCM,data:ocIWuopOoiUMxc6TMCxzBuicp5rzqX9oE9pXaIbFkRxjXwmskUwS8s00Xzqgo1K60+tnBFFK+zma+jMd7fKeBtkUqD00dgXMnLlUNmUt2s+Mq34nCt3hiNSOcqQHjBBIeSEiy/gqn1umdnCkV/zLBEP10u/EOdJ1Dlb1vA3gvqs=,iv:xS9HBMGmATAH/IxFide0tV4lTZ1HwjBTm+Be+4exczo=,tag:JQTIYw+PQ03mx5JE8rNPsg==,type:str]

     

       121
       121
       +
           lastmodified: "2025-10-31T06:22:39Z"

     

       122
       122
       +
           mac: ENC[AES256_GCM,data:cRRtc1MzZ+1+lzWRQA/IIVSyQgIO2b0FZ+Xf/Riu4ry8c9FeqLCIrOJzYUUYA4h3z+KQLKL8mgYKJ8xrhMOEmOBhmtEFhyOJp9IdQeEjjQyNy2uRnJRrUtJpTe95LSKBV1At/hPZMcwCSx6h7zDTI7sBWsNCxkMSp/Zcpr1AyZI=,iv:lc19cb+rUMcTZbjxdlLXNE2uWKvwHIK8p7FuPXfvZUo=,tag:U48mLo/y+zjWT+p6/L+eBg==,type:str]

     

       119
       123
        
           unencrypted_suffix: _unencrypted

     

       120
       124
        
           version: 3.11.0

+145 -158

flake.lock

···

       1
       1
        
       {

     

       2
       2
        
         "nodes": {

     

       3
       3
       +
           "actor-typeahead-src": {

     

       4
       4
       +
             "flake": false,

     

       5
       5
       +
             "locked": {

     

       6
       6
       +
               "lastModified": 1762835797,

     

       7
       7
       +
               "narHash": "sha256-heizoWUKDdar6ymfZTnj3ytcEv/L4d4fzSmtr0HlXsQ=",

     

       8
       8
       +
               "ref": "refs/heads/main",

     

       9
       9
       +
               "rev": "677fe7f743050a4e7f09d4a6f87bbf1325a06f6b",

     

       10
       10
       +
               "revCount": 6,

     

       11
       11
       +
               "type": "git",

     

       12
       12
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       13
       13
       +
             },

     

       14
       14
       +
             "original": {

     

       15
       15
       +
               "type": "git",

     

       16
       16
       +
               "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead"

     

       17
       17
       +
             }

     

       18
       18
       +
           },

     

       3
       19
        
           "arion": {

     

       4
       20
        
             "inputs": {

     

       5
       21
        
               "flake-parts": "flake-parts",

     
···

       9
       25
        
               ]

     

       10
       26
        
             },

     

       11
       27
        
             "locked": {

     

       12
       12
       -
               "lastModified": 1759632323,

     

       13
       13
       -
               "narHash": "sha256-TzLTfXxhOkR/8oOoVEAYQWb81ADGHdKsQXGicC7kR+M=",

     

       28
       28
       +
               "lastModified": 1765839957,

     

       29
       29
       +
               "narHash": "sha256-c2k30kehMWLEQpO41OhyDruj1S7RsyBlgx4yHlXKVa4=",

     

       14
       30
        
               "owner": "hercules-ci",

     

       15
       31
        
               "repo": "arion",

     

       16
       16
       -
               "rev": "24658a03be2d1a6e1e02c01524775d960a82309c",

     

       32
       32
       +
               "rev": "9ff7acc2c00a40ecf24894592ea5019439bb9e13",

     

       17
       33
        
               "type": "github"

     

       18
       34
        
             },

     

       19
       35
        
             "original": {

     
···

       27
       43
        
               "nixpkgs": "nixpkgs"

     

       28
       44
        
             },

     

       29
       45
        
             "locked": {

     

       30
       30
       -
               "lastModified": 1754766435,

     

       31
       31
       -
               "narHash": "sha256-DT8CQoqV2haX+Fo16WXAt9gKCSXOZH9ZfnV++Br+qcM=",

     

       46
       46
       +
               "lastModified": 1763111355,

     

       47
       47
       +
               "narHash": "sha256-iUTS8wV7tCo7A456Ro6ZOJ6Bbk0V5Is3zPd+BmJHJ/Q=",

     

       32
       48
        
               "owner": "catppuccin",

     

       33
       49
        
               "repo": "nix",

     

       34
       34
       -
               "rev": "e339d6d822fa81c39d1ab89694b4ee2cfc830c9a",

     

       50
       50
       +
               "rev": "5375a9d80c4b2a835c7203920f997f3ea4224423",

     

       35
       51
        
               "type": "github"

     

       36
       52
        
             },

     

       37
       53
        
             "original": {

     
···

       43
       59
        
           },

     

       44
       60
        
           "crane": {

     

       45
       61
        
             "locked": {

     

       46
       46
       -
               "lastModified": 1731098351,

     

       47
       47
       -
               "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",

     

       62
       62
       +
               "lastModified": 1765145449,

     

       63
       63
       +
               "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=",

     

       48
       64
        
               "owner": "ipetkov",

     

       49
       65
        
               "repo": "crane",

     

       50
       50
       -
               "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",

     

       66
       66
       +
               "rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5",

     

       51
       67
        
               "type": "github"

     

       52
       68
        
             },

     

       53
       69
        
             "original": {

     
···

       59
       75
        
           "flake-compat": {

     

       60
       76
        
             "flake": false,

     

       61
       77
        
             "locked": {

     

       62
       62
       -
               "lastModified": 1747046372,

     

       63
       63
       -
               "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",

     

       78
       78
       +
               "lastModified": 1761588595,

     

       79
       79
       +
               "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",

     

       64
       80
        
               "owner": "edolstra",

     

       65
       81
        
               "repo": "flake-compat",

     

       66
       66
       -
               "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",

     

       82
       82
       +
               "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",

     

       67
       83
        
               "type": "github"

     

       68
       84
        
             },

     

       69
       85
        
             "original": {

     
···

       75
       91
        
           "flake-compat_2": {

     

       76
       92
        
             "flake": false,

     

       77
       93
        
             "locked": {

     

       78
       78
       -
               "lastModified": 1696426674,

     

       79
       79
       -
               "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",

     

       94
       94
       +
               "lastModified": 1761588595,

     

       95
       95
       +
               "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",

     

       80
       96
        
               "owner": "edolstra",

     

       81
       97
        
               "repo": "flake-compat",

     

       82
       82
       -
               "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",

     

       98
       98
       +
               "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",

     

       83
       99
        
               "type": "github"

     

       84
       100
        
             },

     

       85
       101
        
             "original": {

     
···

       91
       107
        
           "flake-compat_3": {

     

       92
       108
        
             "flake": false,

     

       93
       109
        
             "locked": {

     

       94
       94
       -
               "lastModified": 1747046372,

     

       95
       95
       -
               "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",

     

       110
       110
       +
               "lastModified": 1761588595,

     

       111
       111
       +
               "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",

     

       96
       112
        
               "owner": "edolstra",

     

       97
       113
        
               "repo": "flake-compat",

     

       98
       98
       -
               "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",

     

       114
       114
       +
               "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",

     

       99
       115
        
               "type": "github"

     

       100
       116
        
             },

     

       101
       117
        
             "original": {

     
···

       126
       142
        
               ]

     

       127
       143
        
             },

     

       128
       144
        
             "locked": {

     

       129
       129
       -
               "lastModified": 1759362264,

     

       130
       130
       -
               "narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",

     

       145
       145
       +
               "lastModified": 1763759067,

     

       146
       146
       +
               "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=",

     

       131
       147
        
               "owner": "hercules-ci",

     

       132
       148
        
               "repo": "flake-parts",

     

       133
       133
       -
               "rev": "758cf7296bee11f1706a574c77d072b8a7baa881",

     

       149
       149
       +
               "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0",

     

       134
       150
        
               "type": "github"

     

       135
       151
        
             },

     

       136
       152
        
             "original": {

     
···

       142
       158
        
           "flake-parts_2": {

     

       143
       159
        
             "inputs": {

     

       144
       160
        
               "nixpkgs-lib": [

     

       145
       145
       -
                 "lanzaboote",

     

       146
       146
       -
                 "nixpkgs"

     

       147
       147
       -
               ]

     

       148
       148
       -
             },

     

       149
       149
       -
             "locked": {

     

       150
       150
       -
               "lastModified": 1730504689,

     

       151
       151
       -
               "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",

     

       152
       152
       -
               "owner": "hercules-ci",

     

       153
       153
       -
               "repo": "flake-parts",

     

       154
       154
       -
               "rev": "506278e768c2a08bec68eb62932193e341f55c90",

     

       155
       155
       -
               "type": "github"

     

       156
       156
       -
             },

     

       157
       157
       -
             "original": {

     

       158
       158
       -
               "owner": "hercules-ci",

     

       159
       159
       -
               "repo": "flake-parts",

     

       160
       160
       -
               "type": "github"

     

       161
       161
       -
             }

     

       162
       162
       -
           },

     

       163
       163
       -
           "flake-parts_3": {

     

       164
       164
       -
             "inputs": {

     

       165
       165
       -
               "nixpkgs-lib": [

     

       166
       161
        
                 "mystia",

     

       167
       162
        
                 "nix-update-soopy",

     

       168
       163
        
                 "nixpkgs"

     
···

       205
       200
        
               "systems": "systems_2"

     

       206
       201
        
             },

     

       207
       202
        
             "locked": {

     

       208
       208
       -
               "lastModified": 1694529238,

     

       209
       209
       -
               "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",

     

       203
       203
       +
               "lastModified": 1731533236,

     

       204
       204
       +
               "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",

     

       210
       205
        
               "owner": "numtide",

     

       211
       206
        
               "repo": "flake-utils",

     

       212
       212
       -
               "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",

     

       207
       207
       +
               "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",

     

       213
       208
        
               "type": "github"

     

       214
       209
        
             },

     

       215
       210
        
             "original": {

     
···

       222
       217
        
             "inputs": {

     

       223
       218
        
               "flake-compat": "flake-compat",

     

       224
       219
        
               "flake-utils": "flake-utils",

     

       220
       220
       +
               "home-manager": "home-manager",

     

       225
       221
        
               "nixpkgs": "nixpkgs_2",

     

       226
       222
        
               "zig": "zig",

     

       227
       223
        
               "zon2nix": "zon2nix"

     

       228
       224
        
             },

     

       229
       225
        
             "locked": {

     

       230
       230
       -
               "lastModified": 1761316130,

     

       231
       231
       -
               "narHash": "sha256-q+qyjfdtiPWrT50ixRwthL0ONLjC4O7F2au/71qeAow=",

     

       226
       226
       +
               "lastModified": 1767049078,

     

       227
       227
       +
               "narHash": "sha256-BZ62cvoAvq74l82PB3gqTgg+ltz47FViC0N3RbWYxys=",

     

       232
       228
        
               "owner": "ghostty-org",

     

       233
       229
        
               "repo": "ghostty",

     

       234
       234
       -
               "rev": "3f75c66e8395d7389f05d360d89af567dcd22cba",

     

       230
       230
       +
               "rev": "1fa6641a6adf3936f6c8c81e14b5821d2de1a81b",

     

       235
       231
        
               "type": "github"

     

       236
       232
        
             },

     

       237
       233
        
             "original": {

     
···

       244
       240
        
             "inputs": {

     

       245
       241
        
               "nixpkgs": [

     

       246
       242
        
                 "lanzaboote",

     

       247
       247
       -
                 "pre-commit-hooks-nix",

     

       243
       243
       +
                 "pre-commit",

     

       248
       244
        
                 "nixpkgs"

     

       249
       245
        
               ]

     

       250
       246
        
             },

     
···

       271
       267
        
               ]

     

       272
       268
        
             },

     

       273
       269
        
             "locked": {

     

       274
       274
       -
               "lastModified": 1754078208,

     

       275
       275
       -
               "narHash": "sha256-YVoIFDCDpYuU3riaDEJ3xiGdPOtsx4sR5eTzHTytPV8=",

     

       270
       270
       +
               "lastModified": 1763982521,

     

       271
       271
       +
               "narHash": "sha256-ur4QIAHwgFc0vXiaxn5No/FuZicxBr2p0gmT54xZkUQ=",

     

       276
       272
        
               "owner": "nix-community",

     

       277
       273
        
               "repo": "gomod2nix",

     

       278
       278
       -
               "rev": "7f963246a71626c7fc70b431a315c4388a0c95cf",

     

       274
       274
       +
               "rev": "02e63a239d6eabd595db56852535992c898eba72",

     

       279
       275
        
               "type": "github"

     

       280
       276
        
             },

     

       281
       277
        
             "original": {

     
···

       303
       299
        
           "home-manager": {

     

       304
       300
        
             "inputs": {

     

       305
       301
        
               "nixpkgs": [

     

       302
       302
       +
                 "ghostty",

     

       306
       303
        
                 "nixpkgs"

     

       307
       304
        
               ]

     

       308
       305
        
             },

     

       309
       306
        
             "locked": {

     

       310
       310
       -
               "lastModified": 1758463745,

     

       311
       311
       -
               "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",

     

       307
       307
       +
               "lastModified": 1755776884,

     

       308
       308
       +
               "narHash": "sha256-CPM7zm6csUx7vSfKvzMDIjepEJv1u/usmaT7zydzbuI=",

     

       312
       309
        
               "owner": "nix-community",

     

       313
       310
        
               "repo": "home-manager",

     

       314
       314
       -
               "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",

     

       311
       311
       +
               "rev": "4fb695d10890e9fc6a19deadf85ff79ffb78da86",

     

       315
       312
        
               "type": "github"

     

       316
       313
        
             },

     

       317
       314
        
             "original": {

     
···

       321
       318
        
               "type": "github"

     

       322
       319
        
             }

     

       323
       320
        
           },

     

       321
       321
       +
           "home-manager_2": {

     

       322
       322
       +
             "inputs": {

     

       323
       323
       +
               "nixpkgs": [

     

       324
       324
       +
                 "nixpkgs"

     

       325
       325
       +
               ]

     

       326
       326
       +
             },

     

       327
       327
       +
             "locked": {

     

       328
       328
       +
               "lastModified": 1767024057,

     

       329
       329
       +
               "narHash": "sha256-B1aycRjMRvb6QOGbnqDhiDzZwMebj5jxZ5qyJzaKvpI=",

     

       330
       330
       +
               "owner": "nix-community",

     

       331
       331
       +
               "repo": "home-manager",

     

       332
       332
       +
               "rev": "34578a2fdfce4257ce5f5baf6e7efbd4e4e252b1",

     

       333
       333
       +
               "type": "github"

     

       334
       334
       +
             },

     

       335
       335
       +
             "original": {

     

       336
       336
       +
               "owner": "nix-community",

     

       337
       337
       +
               "ref": "release-25.11",

     

       338
       338
       +
               "repo": "home-manager",

     

       339
       339
       +
               "type": "github"

     

       340
       340
       +
             }

     

       341
       341
       +
           },

     

       324
       342
        
           "htmx-src": {

     

       325
       343
        
             "flake": false,

     

       326
       344
        
             "locked": {

     
···

       349
       367
        
             "inputs": {

     

       350
       368
        
               "nix": "nix",

     

       351
       369
        
               "nix-eval-jobs": "nix-eval-jobs",

     

       352
       352
       -
               "nixpkgs": "nixpkgs_4"

     

       370
       370
       +
               "nixpkgs": "nixpkgs_3"

     

       353
       371
        
             },

     

       354
       372
        
             "locked": {

     

       355
       355
       -
               "lastModified": 1760595422,

     

       356
       356
       -
               "narHash": "sha256-JMC6cX8dk5MwZSHQ8O3nrYaqXcGHi2xciBgfI45Z/KE=",

     

       373
       373
       +
               "lastModified": 1764105837,

     

       374
       374
       +
               "narHash": "sha256-odn4JAamENIUa+KfWCDi1BxM02TOmvhxyEdFLZrV+/4=",

     

       357
       375
        
               "owner": "NixOS",

     

       358
       376
        
               "repo": "hydra",

     

       359
       359
       -
               "rev": "0414ae64ebeea4ca0121515bdff42d7a3869862b",

     

       377
       377
       +
               "rev": "34ff66a460c21ee69d840c8c896d067405ba4a3e",

     

       360
       378
        
               "type": "github"

     

       361
       379
        
             },

     

       362
       380
        
             "original": {

     
···

       371
       389
        
               "lastModified": 1731402384,

     

       372
       390
        
               "narHash": "sha256-OwUmrPfEehLDz0fl2ChYLK8FQM2p0G1+EMrGsYEq+6g=",

     

       373
       391
        
               "type": "tarball",

     

       374
       374
       -
               "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip"

     

       392
       392
       +
               "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip"

     

       375
       393
        
             },

     

       376
       394
        
             "original": {

     

       377
       395
        
               "type": "tarball",

     

       378
       378
       -
               "url": "https://github.com/IBM/plex/releases/download/@ibm/plex-mono@1.1.0/ibm-plex-mono.zip"

     

       396
       396
       +
               "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip"

     

       379
       397
        
             }

     

       380
       398
        
           },

     

       381
       399
        
           "indigo": {

     
···

       434
       452
        
           "lanzaboote": {

     

       435
       453
        
             "inputs": {

     

       436
       454
        
               "crane": "crane",

     

       437
       437
       -
               "flake-compat": "flake-compat_2",

     

       438
       438
       -
               "flake-parts": "flake-parts_2",

     

       439
       455
        
               "nixpkgs": [

     

       440
       456
        
                 "nixpkgs"

     

       441
       457
        
               ],

     

       442
       442
       -
               "pre-commit-hooks-nix": "pre-commit-hooks-nix",

     

       458
       458
       +
               "pre-commit": "pre-commit",

     

       443
       459
        
               "rust-overlay": "rust-overlay"

     

       444
       460
        
             },

     

       445
       461
        
             "locked": {

     

       446
       446
       -
               "lastModified": 1737639419,

     

       447
       447
       -
               "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",

     

       462
       462
       +
               "lastModified": 1765382359,

     

       463
       463
       +
               "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=",

     

       448
       464
        
               "owner": "nix-community",

     

       449
       465
        
               "repo": "lanzaboote",

     

       450
       450
       -
               "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",

     

       466
       466
       +
               "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607",

     

       451
       467
        
               "type": "github"

     

       452
       468
        
             },

     

       453
       469
        
             "original": {

     

       454
       470
        
               "owner": "nix-community",

     

       455
       455
       -
               "ref": "v0.4.2",

     

       471
       471
       +
               "ref": "v1.0.0",

     

       456
       472
        
               "repo": "lanzaboote",

     

       457
       473
        
               "type": "github"

     

       458
       474
        
             }

     
···

       474
       490
        
             "inputs": {

     

       475
       491
        
               "flake-compat": "flake-compat_3",

     

       476
       492
        
               "nix-update-soopy": "nix-update-soopy",

     

       477
       477
       -
               "nixpkgs": "nixpkgs_5",

     

       493
       493
       +
               "nixpkgs": "nixpkgs_4",

     

       478
       494
        
               "treefmt-nix": "treefmt-nix_2"

     

       479
       495
        
             },

     

       480
       496
        
             "locked": {

     

       481
       481
       -
               "lastModified": 1761292967,

     

       482
       482
       -
               "narHash": "sha256-JINYzhaU4tm8QY0frigjDq6kC+A1Or2in00etgOt0vE=",

     

       497
       497
       +
               "lastModified": 1765558006,

     

       498
       498
       +
               "narHash": "sha256-8o8J6YJgx7ZLZJfXlKL/upDyGuRFoTOTKeaLT4ZgUHw=",

     

       483
       499
        
               "owner": "soopyc",

     

       484
       500
        
               "repo": "mystia",

     

       485
       485
       -
               "rev": "aebe43cf8c2902cf9cf0a7b3959cf02ee9d7a1f1",

     

       501
       501
       +
               "rev": "5b177c1b32e2f671c1b4b92f0d71ec2a6a55fa9a",

     

       486
       502
        
               "type": "github"

     

       487
       503
        
             },

     

       488
       504
        
             "original": {

     
···

       532
       548
        
               ]

     

       533
       549
        
             },

     

       534
       550
        
             "locked": {

     

       535
       535
       -
               "lastModified": 1760846226,

     

       536
       536
       -
               "narHash": "sha256-xmU8kAsRprJiTGBTaGrwmjBP3AMA9ltlrxHKFuy5JWc=",

     

       551
       551
       +
               "lastModified": 1765267181,

     

       552
       552
       +
               "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",

     

       537
       553
        
               "owner": "nix-community",

     

       538
       554
        
               "repo": "nix-index-database",

     

       539
       539
       -
               "rev": "5024e1901239a76b7bf94a4cd27f3507e639d49e",

     

       555
       555
       +
               "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",

     

       540
       556
        
               "type": "github"

     

       541
       557
        
             },

     

       542
       558
        
             "original": {

     
···

       547
       563
        
           },

     

       548
       564
        
           "nix-update-soopy": {

     

       549
       565
        
             "inputs": {

     

       550
       550
       -
               "flake-parts": "flake-parts_3",

     

       566
       566
       +
               "flake-parts": "flake-parts_2",

     

       551
       567
        
               "nixpkgs": [

     

       552
       568
        
                 "mystia",

     

       553
       569
        
                 "nixpkgs"

     
···

       570
       586
        
           },

     

       571
       587
        
           "nixos-hardware": {

     

       572
       588
        
             "locked": {

     

       573
       573
       -
               "lastModified": 1760427889,

     

       574
       574
       -
               "narHash": "sha256-OqvmnwlfTU+/EoU8kJSPWitQuHBzswAPrxshw9duKi4=",

     

       589
       589
       +
               "lastModified": 1767105924,

     

       590
       590
       +
               "narHash": "sha256-Sr2uqrc5VVFm5zIqJw87MtB2skLcIQGMywmtjFecWn0=",

     

       575
       591
        
               "owner": "soopyc",

     

       576
       592
        
               "repo": "nixos-hardware",

     

       577
       577
       -
               "rev": "782e18a837d51d2035815a128a242f587e3bbd60",

     

       593
       593
       +
               "rev": "cd2b93bdcf720c6b68522eafd5aa1347a25a41b0",

     

       578
       594
        
               "type": "github"

     

       579
       595
        
             },

     

       580
       596
        
             "original": {

     
···

       596
       612
        
             "original": {

     

       597
       613
        
               "owner": "NixOS",

     

       598
       614
        
               "ref": "nixos-25.05",

     

       599
       599
       -
               "repo": "nixpkgs",

     

       600
       600
       -
               "type": "github"

     

       601
       601
       -
             }

     

       602
       602
       -
           },

     

       603
       603
       -
           "nixpkgs-stable": {

     

       604
       604
       -
             "locked": {

     

       605
       605
       -
               "lastModified": 1730741070,

     

       606
       606
       -
               "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",

     

       607
       607
       -
               "owner": "NixOS",

     

       608
       608
       -
               "repo": "nixpkgs",

     

       609
       609
       -
               "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",

     

       610
       610
       -
               "type": "github"

     

       611
       611
       -
             },

     

       612
       612
       -
             "original": {

     

       613
       613
       -
               "owner": "NixOS",

     

       614
       614
       -
               "ref": "nixos-24.05",

     

       615
       615
        
               "repo": "nixpkgs",

     

       616
       616
        
               "type": "github"

     

       617
       617
        
             }

     

       618
       618
        
           },

     

       619
       619
        
           "nixpkgs_2": {

     

       620
       620
        
             "locked": {

     

       621
       621
       -
               "lastModified": 315532800,

     

       622
       622
       -
               "narHash": "sha256-sV6pJNzFkiPc6j9Bi9JuHBnWdVhtKB/mHgVmMPvDFlk=",

     

       623
       623
       -
               "rev": "82c2e0d6dde50b17ae366d2aa36f224dc19af469",

     

       621
       621
       +
               "lastModified": 1763191728,

     

       622
       622
       +
               "narHash": "sha256-gI9PpaoX4/f28HkjcTbFVpFhtOxSDtOEdFaHZrdETe0=",

     

       623
       623
       +
               "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",

     

       624
       624
        
               "type": "tarball",

     

       625
       625
       -
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre877938.82c2e0d6dde5/nixexprs.tar.xz"

     

       625
       625
       +
               "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre896415.1d4c88323ac3/nixexprs.tar.xz"

     

       626
       626
        
             },

     

       627
       627
        
             "original": {

     

       628
       628
        
               "type": "tarball",

     
···

       631
       631
        
           },

     

       632
       632
        
           "nixpkgs_3": {

     

       633
       633
        
             "locked": {

     

       634
       634
       -
               "lastModified": 1758360447,

     

       635
       635
       -
               "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=",

     

       636
       636
       -
               "rev": "8eaee110344796db060382e15d3af0a9fc396e0e",

     

       637
       637
       -
               "type": "tarball",

     

       638
       638
       -
               "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz"

     

       639
       639
       -
             },

     

       640
       640
       -
             "original": {

     

       641
       641
       -
               "type": "tarball",

     

       642
       642
       -
               "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"

     

       643
       643
       -
             }

     

       644
       644
       -
           },

     

       645
       645
       -
           "nixpkgs_4": {

     

       646
       646
       -
             "locked": {

     

       647
       647
       -
               "lastModified": 1759652726,

     

       648
       648
       -
               "narHash": "sha256-2VjnimOYDRb3DZHyQ2WH2KCouFqYm9h0Rr007Al/WSA=",

     

       634
       634
       +
               "lastModified": 1764020296,

     

       635
       635
       +
               "narHash": "sha256-6zddwDs2n+n01l+1TG6PlyokDdXzu/oBmEejcH5L5+A=",

     

       649
       636
        
               "owner": "NixOS",

     

       650
       637
        
               "repo": "nixpkgs",

     

       651
       651
       -
               "rev": "06b2985f0cc9eb4318bf607168f4b15af1e5e81d",

     

       638
       638
       +
               "rev": "a320ce8e6e2cc6b4397eef214d202a50a4583829",

     

       652
       639
        
               "type": "github"

     

       653
       640
        
             },

     

       654
       641
        
             "original": {

     

       655
       642
        
               "owner": "NixOS",

     

       656
       656
       -
               "ref": "nixos-25.05-small",

     

       643
       643
       +
               "ref": "nixos-25.11-small",

     

       657
       644
        
               "repo": "nixpkgs",

     

       658
       645
        
               "type": "github"

     

       659
       646
        
             }

     

       660
       647
        
           },

     

       661
       661
       -
           "nixpkgs_5": {

     

       648
       648
       +
           "nixpkgs_4": {

     

       662
       649
        
             "locked": {

     

       663
       663
       -
               "lastModified": 1761114652,

     

       664
       664
       -
               "narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",

     

       650
       650
       +
               "lastModified": 1763966396,

     

       651
       651
       +
               "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",

     

       665
       652
        
               "owner": "NixOS",

     

       666
       653
        
               "repo": "nixpkgs",

     

       667
       667
       -
               "rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",

     

       654
       654
       +
               "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",

     

       668
       655
        
               "type": "github"

     

       669
       656
        
             },

     

       670
       657
        
             "original": {

     
···

       673
       660
        
               "type": "indirect"

     

       674
       661
        
             }

     

       675
       662
        
           },

     

       676
       676
       -
           "nixpkgs_6": {

     

       663
       663
       +
           "nixpkgs_5": {

     

       677
       664
        
             "locked": {

     

       678
       678
       -
               "lastModified": 1761301304,

     

       679
       679
       -
               "narHash": "sha256-/UR943qCkSDpSJrABtcHn56cglxJoX45ezW1LtEHpUw=",

     

       680
       680
       -
               "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb",

     

       665
       665
       +
               "lastModified": 1766885793,

     

       666
       666
       +
               "narHash": "sha256-3wE9FvGp15AXnwNsGH8gs+i/j/25EBvIoJapquYvB6I=",

     

       667
       667
       +
               "rev": "9ef261221d1e72399f2036786498d78c38185c46",

     

       681
       668
        
               "type": "tarball",

     

       682
       682
       -
               "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.811621.c8aa8cc00a5c/nixexprs.tar.xz"

     

       669
       669
       +
               "url": "https://releases.nixos.org/nixos/25.11/nixos-25.11.2679.9ef261221d1e/nixexprs.tar.xz"

     

       683
       670
        
             },

     

       684
       671
        
             "original": {

     

       685
       672
        
               "type": "tarball",

     

       686
       686
       -
               "url": "https://nixpkgs.dev/channel/nixos-25.05"

     

       673
       673
       +
               "url": "https://nixpkgs.dev/channel/nixos-25.11"

     

       687
       674
        
             }

     

       688
       675
        
           },

     

       689
       689
       -
           "pre-commit-hooks-nix": {

     

       676
       676
       +
           "pre-commit": {

     

       690
       677
        
             "inputs": {

     

       691
       691
       -
               "flake-compat": [

     

       692
       692
       -
                 "lanzaboote",

     

       693
       693
       -
                 "flake-compat"

     

       694
       694
       -
               ],

     

       678
       678
       +
               "flake-compat": "flake-compat_2",

     

       695
       679
        
               "gitignore": "gitignore",

     

       696
       680
        
               "nixpkgs": [

     

       697
       681
        
                 "lanzaboote",

     

       698
       682
        
                 "nixpkgs"

     

       699
       699
       -
               ],

     

       700
       700
       -
               "nixpkgs-stable": "nixpkgs-stable"

     

       683
       683
       +
               ]

     

       701
       684
        
             },

     

       702
       685
        
             "locked": {

     

       703
       703
       -
               "lastModified": 1731363552,

     

       704
       704
       -
               "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",

     

       686
       686
       +
               "lastModified": 1765016596,

     

       687
       687
       +
               "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=",

     

       705
       688
        
               "owner": "cachix",

     

       706
       689
        
               "repo": "pre-commit-hooks.nix",

     

       707
       707
       -
               "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",

     

       690
       690
       +
               "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c",

     

       708
       691
        
               "type": "github"

     

       709
       692
        
             },

     

       710
       693
        
             "original": {

     
···

       718
       701
        
               "arion": "arion",

     

       719
       702
        
               "catppuccin": "catppuccin",

     

       720
       703
        
               "ghostty": "ghostty",

     

       721
       721
       -
               "home-manager": "home-manager",

     

       704
       704
       +
               "home-manager": "home-manager_2",

     

       722
       705
        
               "hydra": "hydra",

     

       723
       706
        
               "knotserver-module": "knotserver-module",

     

       724
       707
        
               "lanzaboote": "lanzaboote",

     

       725
       708
        
               "mystia": "mystia",

     

       726
       709
        
               "nix-index-database": "nix-index-database",

     

       727
       710
        
               "nixos-hardware": "nixos-hardware",

     

       728
       728
       -
               "nixpkgs": "nixpkgs_6",

     

       711
       711
       +
               "nixpkgs": "nixpkgs_5",

     

       729
       712
        
               "sops-nix": "sops-nix",

     

       730
       713
        
               "tangled-core": "tangled-core",

     

       731
       714
        
               "treefmt-nix": "treefmt-nix_3",

     
···

       740
       723
        
               ]

     

       741
       724
        
             },

     

       742
       725
        
             "locked": {

     

       743
       743
       -
               "lastModified": 1731897198,

     

       744
       744
       -
               "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",

     

       726
       726
       +
               "lastModified": 1765075567,

     

       727
       727
       +
               "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=",

     

       745
       728
        
               "owner": "oxalica",

     

       746
       729
        
               "repo": "rust-overlay",

     

       747
       747
       -
               "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",

     

       730
       730
       +
               "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f",

     

       748
       731
        
               "type": "github"

     

       749
       732
        
             },

     

       750
       733
        
             "original": {

     
···

       760
       743
        
               ]

     

       761
       744
        
             },

     

       762
       745
        
             "locked": {

     

       763
       763
       -
               "lastModified": 1760998189,

     

       764
       764
       -
               "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",

     

       746
       746
       +
               "lastModified": 1766894905,

     

       747
       747
       +
               "narHash": "sha256-pn8AxxfajqyR/Dmr1wnZYdUXHgM3u6z9x0Z1Ijmz2UQ=",

     

       765
       748
        
               "owner": "Mic92",

     

       766
       749
        
               "repo": "sops-nix",

     

       767
       767
       -
               "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",

     

       750
       750
       +
               "rev": "61b39c7b657081c2adc91b75dd3ad8a91d6f07a7",

     

       768
       751
        
               "type": "github"

     

       769
       752
        
             },

     

       770
       753
        
             "original": {

     
···

       818
       801
        
           },

     

       819
       802
        
           "tangled-core": {

     

       820
       803
        
             "inputs": {

     

       804
       804
       +
               "actor-typeahead-src": "actor-typeahead-src",

     

       821
       805
        
               "flake-compat": "flake-compat_4",

     

       822
       806
        
               "gomod2nix": "gomod2nix",

     

       823
       807
        
               "htmx-src": "htmx-src",

     
···

       832
       816
        
               "sqlite-lib-src": "sqlite-lib-src"

     

       833
       817
        
             },

     

       834
       818
        
             "locked": {

     

       835
       835
       -
               "lastModified": 1761152151,

     

       836
       836
       -
               "narHash": "sha256-CEIJqCphXGAt1zzc/Q316G+sfYmpCtJ9ZVWNoXa1mk4=",

     

       819
       819
       +
               "lastModified": 1767063361,

     

       820
       820
       +
               "narHash": "sha256-MyxjxAfOw6LgPGbv/m/am5E080jtc+FunlYFu5HIVUU=",

     

       837
       821
        
               "ref": "refs/heads/master",

     

       838
       838
       -
               "rev": "0a2ae70c248e8b880b6c109e3af8eddc0d69212b",

     

       839
       839
       -
               "revCount": 1551,

     

       822
       822
       +
               "rev": "4bdc9dfe9bb5ed8f5dfea30b9a45bc93b1430535",

     

       823
       823
       +
               "revCount": 1779,

     

       840
       824
        
               "type": "git",

     

       841
       825
        
               "url": "https://tangled.org/@tangled.sh/core"

     

       842
       826
        
             },

     
···

       875
       859
        
               ]

     

       876
       860
        
             },

     

       877
       861
        
             "locked": {

     

       878
       878
       -
               "lastModified": 1760945191,

     

       879
       879
       -
               "narHash": "sha256-ZRVs8UqikBa4Ki3X4KCnMBtBW0ux1DaT35tgsnB1jM4=",

     

       862
       862
       +
               "lastModified": 1762938485,

     

       863
       863
       +
               "narHash": "sha256-AlEObg0syDl+Spi4LsZIBrjw+snSVU4T8MOeuZJUJjM=",

     

       880
       864
        
               "owner": "numtide",

     

       881
       865
        
               "repo": "treefmt-nix",

     

       882
       882
       -
               "rev": "f56b1934f5f8fcab8deb5d38d42fd692632b47c2",

     

       866
       866
       +
               "rev": "5b4ee75aeefd1e2d5a1cc43cf6ba65eba75e83e4",

     

       883
       867
        
               "type": "github"

     

       884
       868
        
             },

     

       885
       869
        
             "original": {

     
···

       895
       879
        
               ]

     

       896
       880
        
             },

     

       897
       881
        
             "locked": {

     

       898
       898
       -
               "lastModified": 1761311587,

     

       899
       899
       -
               "narHash": "sha256-Msq86cR5SjozQGCnC6H8C+0cD4rnx91BPltZ9KK613Y=",

     

       882
       882
       +
               "lastModified": 1767086983,

     

       883
       883
       +
               "narHash": "sha256-l4c8HQkgsB15BUZI1SHLAZHQ7822iIkJtOsdIuXIO4s=",

     

       900
       884
        
               "owner": "numtide",

     

       901
       885
        
               "repo": "treefmt-nix",

     

       902
       902
       -
               "rev": "2eddae033e4e74bf581c2d1dfa101f9033dbd2dc",

     

       886
       886
       +
               "rev": "c9eb5bb179067ddced348aca023a3fbf8b5832c5",

     

       903
       887
        
               "type": "github"

     

       904
       888
        
             },

     

       905
       889
        
             "original": {

     
···

       942
       926
        
               ]

     

       943
       927
        
             },

     

       944
       928
        
             "locked": {

     

       945
       945
       -
               "lastModified": 1760401936,

     

       946
       946
       -
               "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=",

     

       929
       929
       +
               "lastModified": 1763295135,

     

       930
       930
       +
               "narHash": "sha256-sGv/NHCmEnJivguGwB5w8LRmVqr1P72OjS+NzcJsssE=",

     

       947
       931
        
               "owner": "mitchellh",

     

       948
       932
        
               "repo": "zig-overlay",

     

       949
       949
       -
               "rev": "365085b6652259753b598d43b723858184980bbe",

     

       933
       933
       +
               "rev": "64f8b42cfc615b2cf99144adf2b7728c7847c72a",

     

       950
       934
        
               "type": "github"

     

       951
       935
        
             },

     

       952
       936
        
             "original": {

     
···

       957
       941
        
           },

     

       958
       942
        
           "zon2nix": {

     

       959
       943
        
             "inputs": {

     

       960
       960
       -
               "nixpkgs": "nixpkgs_3"

     

       944
       944
       +
               "nixpkgs": [

     

       945
       945
       +
                 "ghostty",

     

       946
       946
       +
                 "nixpkgs"

     

       947
       947
       +
               ]

     

       961
       948
        
             },

     

       962
       949
        
             "locked": {

     

       963
       950
        
               "lastModified": 1758405547,

+4 -4

flake.nix

···

       15
       15
        
         inputs = {

     

       16
       16
        
           mystia.url = "github:soopyc/mystia";

     

       17
       17
        
           # nixpkgs.follows = "mystia/nixpkgs";

     

       18
       18
       -
           nixpkgs.url = "https://nixpkgs.dev/channel/nixos-25.05";

     

       18
       18
       +
           nixpkgs.url = "https://nixpkgs.dev/channel/nixos-25.11";

     

       19
       19
        
       

     

       20
       20
        
           nixos-hardware.url = "github:soopyc/nixos-hardware/apple-t2-updates";

     

       21
       21
       -
           catppuccin.url = "github:catppuccin/nix/release-25.05";

     

       21
       21
       +
           catppuccin.url = "github:catppuccin/nix/release-25.05"; # TODO

     

       22
       22
        
           hydra.url = "github:NixOS/hydra";

     

       23
       23
        
           ghostty.url = "github:ghostty-org/ghostty";

     

       24
       24
        
       

     
···

       29
       29
        
       

     

       30
       30
        
           home-manager = {

     

       31
       31
        
             # sync with nixpkgs!

     

       32
       32
       -
             url = "github:nix-community/home-manager/release-25.05";

     

       32
       32
       +
             url = "github:nix-community/home-manager/release-25.11";

     

       33
       33
        
             inputs.nixpkgs.follows = "nixpkgs";

     

       34
       34
        
           };

     

       35
       35
        
       

     
···

       39
       39
        
           };

     

       40
       40
        
       

     

       41
       41
        
           lanzaboote = {

     

       42
       42
       -
             url = "github:nix-community/lanzaboote/v0.4.2";

     

       42
       42
       +
             url = "github:nix-community/lanzaboote/v1.0.0";

     

       43
       43
        
             inputs.nixpkgs.follows = "nixpkgs";

     

       44
       44
        
           };

     

       45
       45

-2

global/gensokyo/presets/nginx.nix

···

       1
       1
        
       {

     

       2
       2
        
         lib,

     

       3
       3
       -
         pkgs,

     

       4
       3
        
         config,

     

       5
       4
        
         ...

     

       6
       5
        
       }:

     
···

       13
       12
        
             services.nginx = {

     

       14
       13
        
               enable = lib.mkDefault true;

     

       15
       14
        
               enableReload = lib.mkDefault true;

     

       16
       16
       -
               package = lib.mkDefault pkgs.nginxQuic;

     

       17
       15
        
       

     

       18
       16
        
               statusPage = true;

     

       19
       17

+1 -2

global/gui/browser.nix

···

       1
       1
        
       {

     

       2
       2
       -
         pkgs,

     

       3
       2
        
         lib,

     

       4
       3
        
         config,

     

       5
       4
        
         ...

     
···

       7
       6
        
       lib.mkIf config.gensokyo.traits.gui {

     

       8
       7
        
         programs.firefox = {

     

       9
       8
        
           enable = true;

     

       10
       10
       -
           package = pkgs.firefox-devedition;

     

       9
       9
       +
           # package = pkgs.firefox-devedition;

     

       11
       10
        
         };

     

       12
       11
        
       }

+7 -7

global/gui/dm.nix

···

       1
       1
        
       {

     

       2
       2
        
         config,

     

       3
       3
        
         lib,

     

       4
       4
       -
         pkgs,

     

       4
       4
       +
         # pkgs,

     

       5
       5
        
         ...

     

       6
       6
        
       }:

     

       7
       7
        
       lib.mkIf config.gensokyo.traits.gui {

     
···

       9
       9
        
           enable = true;

     

       10
       10
        
           autoNumlock = true;

     

       11
       11
        
           wayland.enable = true;

     

       12
       12
       -
           theme = "catppuccin-frappe";

     

       12
       12
       +
           # theme = "catppuccin-frappe";

     

       13
       13
        
         };

     

       14
       14
        
       

     

       15
       15
       -
         environment.systemPackages = [

     

       16
       16
       -
           (pkgs.catppuccin-sddm.override {

     

       17
       17
       -
             flavor = "frappe";

     

       18
       18
       -
           })

     

       19
       19
       -
         ];

     

       15
       15
       +
         # environment.systemPackages = [

     

       16
       16
       +
         #   (pkgs.catppuccin-sddm.override {

     

       17
       17
       +
         #     flavor = "frappe";

     

       18
       18
       +
         #   })

     

       19
       19
       +
         # ];

     

       20
       20
        
       }

+11 -10

global/gui/fonts.nix

···

       2
       2
        
         pkgs,

     

       3
       3
        
         lib,

     

       4
       4
        
         config,

     

       5
       5
       -
         inputs,

     

       5
       5
       +
         # inputs,

     

       6
       6
        
         ...

     

       7
       7
        
       }:

     

       8
       8
        
       lib.mkIf config.gensokyo.traits.gui {

     

       9
       9
       -
         fonts.packages = [

     

       10
       10
       -
           pkgs.nerd-fonts.hurmit

     

       11
       11
       -
           pkgs.nerd-fonts.fira-mono

     

       9
       9
       +
         fonts.packages = with pkgs; [

     

       10
       10
       +
           nerd-fonts.hurmit

     

       11
       11
       +
           nerd-fonts.fira-mono

     

       12
       12
        
       

     

       13
       13
       -
           pkgs.cozette

     

       14
       14
       -
           pkgs.fira-code

     

       15
       15
       -
           pkgs.noto-fonts

     

       16
       16
       -
           pkgs.noto-fonts-cjk-sans

     

       17
       17
       -
           pkgs.noto-fonts-emoji-blob-bin

     

       13
       13
       +
           cozette

     

       14
       14
       +
           fira-code

     

       15
       15
       +
           noto-fonts

     

       16
       16
       +
           noto-fonts-cjk-sans

     

       17
       17
       +
           noto-fonts-emoji-blob-bin

     

       18
       18
        
       

     

       19
       19
       -
           inputs.mystia.packages.${pkgs.system}.nishiki-teki

     

       19
       19
       +
           last-resort

     

       20
       20
       +
           # inputs.mystia.packages.${pkgs.system}.nishiki-teki

     

       20
       21
        
         ];

     

       21
       22
        
       

     

       22
       23
        
         fonts.fontconfig = {

global/gui/input.nix

···

       17
       17
        
             ];

     

       18
       18
        
           };

     

       19
       19
        
         };

     

       20
       20
       +
       

     

       21
       21
       +
         environment.systemPackages = [

     

       22
       22
       +
           pkgs.showmethekey

     

       23
       23
       +
         ];

     

       20
       24
        
       }

+6 -5

global/gui/packages.nix

···

       6
       6
        
         ...

     

       7
       7
        
       }:

     

       8
       8
        
       lib.mkIf config.gensokyo.traits.gui {

     

       9
       9
       -
         environment.systemPackages = [

     

       10
       10
       -
           pkgs.vlc

     

       11
       11
       -
           pkgs.flameshot

     

       12
       12
       -
           pkgs.libnotify

     

       13
       13
       -
           pkgs.thunderbird

     

       9
       9
       +
         environment.systemPackages = with pkgs; [

     

       10
       10
       +
           vlc

     

       11
       11
       +
           flameshot

     

       12
       12
       +
           libnotify

     

       13
       13
       +
           thunderbird

     

       14
       14
       +
       

     

       14
       15
        
           inputs.ghostty.packages.${pkgs.system}.default

     

       15
       16
        
         ];

     

       16
       17
        
       }

global/gui/wine.nix

···

       9
       9
        
           pkgs.wineWowPackages.full

     

       10
       10
        
           pkgs.winetricks

     

       11
       11
        
       

     

       12
       12
       +
           pkgs.umu-launcher

     

       13
       13
       +
       

     

       12
       14
        
           (pkgs.bottles.override {

     

       13
       15
        
             removeWarningPopup = true;

     

       14
       16
        
           })

+5 -4

global/overlays/default.nix

···

       1
       1
       -
       inputs: [

     

       2
       2
       -
         # we can probably live without an overlay?

     

       3
       3
       -
         # inputs.mystia.overlays.default

     

       4
       4
       -
       ]

     

       1
       1
       +
       _: [ ]

     

       2
       2
       +
       # inputs: [

     

       3
       3
       +
       #   # we can probably live without an overlay?

     

       4
       4
       +
       #   # inputs.mystia.overlays.default

     

       5
       5
       +
       # ]

+1 -1

global/programs/misc.nix

global/programs/networking.nix

···

       1
       1
        
       {

     

       2
       2
        
         lib,

     

       3
       3
        
         config,

     

       4
       4
       +
         pkgs,

     

       4
       5
        
         ...

     

       5
       6
        
       }:

     

       6
       7
        
       lib.mkMerge [

     
···

       31
       32
        
       

     

       32
       33
        
         (lib.mkIf config.gensokyo.traits.portable {

     

       33
       34
        
           networking.networkmanager.wifi.backend = "wpa_supplicant";

     

       35
       35
       +
         })

     

       36
       36
       +
       

     

       37
       37
       +
         # TODO: maybe we should move these to /global/gui?

     

       38
       38
       +
         (lib.mkIf config.gensokyo.traits.gui {

     

       39
       39
       +
           networking.networkmanager.plugins = with pkgs; [

     

       40
       40
       +
             networkmanager-openconnect

     

       41
       41
       +
           ];

     

       34
       42
        
         })

     

       35
       43
        
       

     

       36
       44
        
         (lib.mkIf (!config.gensokyo.traits.sensitive) {

global/programs/nix/config.nix

···

       41
       41
        
             max-jobs = "auto";

     

       42
       42
        
             auto-optimise-store = true;

     

       43
       43
        
             download-buffer-size = 268435456; # 256 MiB

     

       44
       44
       +
       

     

       45
       45
       +
             trace-import-from-derivation = true;

     

       44
       46
        
           };

     

       45
       47
        
       

     

       46
       48
        
           nix.gc = {

global/programs/scm.nix

···

       7
       7
        
             push.autoSetupRemote = true;

     

       8
       8
        
             gpg.ssh.allowedSignersFile = pkgs.writeText "soopyc.allowedsigners" ''

     

       9
       9
        
               me@soopy.moe namespaces="git" ${builtins.readFile ../../creds/ssh/auth}

     

       10
       10
       +
               git@soopy.moe namespaces="git" ${builtins.readFile ../../creds/ssh/auth}

     

       10
       11
        
             '';

     

       11
       12
        
       

     

       12
       13
        
             rebase.autoStash = true;

+2 -1

global/programs/security/crypto.nix

···

       3
       3
        
       {

     

       4
       4
        
         environment.systemPackages = with pkgs; [

     

       5
       5
        
           gnupg

     

       6
       6
       -
           pinentry

     

       6
       6
       +
           pinentry-curses

     

       7
       7
       +
           pinentry-qt

     

       7
       8
        
           opensc

     

       8
       9
        
       

     

       9
       10
        
           rage

global/programs/security/kanidm.nix

···

       1
       1
       +
       { pkgs, ... }:

     

       1
       2
        
       {

     

       2
       3
        
         services.kanidm = {

     

       3
       4
        
           enableClient = true;

     

       5
       5
       +
           package = pkgs.kanidm_1_8;

     

       4
       6
        
           clientSettings = {

     

       5
       7
        
             uri = "https://serenity.mist-nessie.ts.net";

     

       6
       8
        
           };

+7 -1

global/programs/shells.nix

···

       1
       1
       -
       { pkgs, ... }:

     

       1
       1
       +
       { pkgs, lib, ... }:

     

       2
       2
        
       {

     

       3
       3
        
         users.defaultUserShell = pkgs.zsh;

     

       4
       4
        
         programs.zsh = {

     
···

       27
       27
        
         programs.direnv = {

     

       28
       28
        
           enable = true;

     

       29
       29
        
           nix-direnv.enable = true;

     

       30
       30
       +
         };

     

       31
       31
       +
       

     

       32
       32
       +
         programs.pay-respects = {

     

       33
       33
       +
           enable = true;

     

       34
       34
       +
           alias = "fuck";

     

       35
       35
       +
           aiIntegration = lib.mkForce false;

     

       30
       36
        
         };

     

       31
       37
        
       

     

       32
       38
        
         # conflicts with comma

global/programs/ssh.nix

···

       42
       42
        
             ConnectTimeout 5

     

       43
       43
        
           ''; # if things exceed 5 seconds to connect something has gone wrong. Fail fast to not wait.

     

       44
       44
        
         };

     

       45
       45
       +
       

     

       46
       46
       +
         # i did not consent to having this automatically enabled

     

       47
       47
       +
         services.gnome.gcr-ssh-agent.enable = false;

     

       45
       48
        
       }

+2 -2

systems/koumakan/certificates/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       1
        
       {

     

       3
       2
        
         imports = [

     

       4
       3
        
           ./global.nix

     

       5
       5
       -
           ./postgresql.nix

     

       4
       4
       +
           # ./postgresql.nix

     

       6
       5
        
           ./fediverse.nix

     

       7
       6
        
           ./bsky-pds.nix

     

       8
       7
        
           ./breezewiki.nix

     

       8
       8
       +
           ./garage-s3.nix

     

       9
       9
        
         ];

     

       10
       10
        
       }

+10

systems/koumakan/certificates/garage-s3.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         # Certificate for garage domains

     

       3
       3
       +
         security.acme.certs."s3.soopy.moe" = {

     

       4
       4
       +
           group = "nginx";

     

       5
       5
       +
           extraDomainNames = [

     

       6
       6
       +
             "*.s3.soopy.moe"

     

       7
       7
       +
             "*.s3web.soopy.moe"

     

       8
       8
       +
           ];

     

       9
       9
       +
         };

     

       10
       10
       +
       }

systems/koumakan/certificates/postgresql.nix

···

       1
       1
       +
       # WARN: unused. see default.nix

     

       2
       2
       +
       

     

       1
       3
        
       { config, ... }:

     

       2
       4
        
       {

     

       3
       5
        
         # PostgreSQL only certificate

systems/koumakan/hardware-configuration.nix

···

       39
       39
        
           ];

     

       40
       40
        
         };

     

       41
       41
        
       

     

       42
       42
       +
         fileSystems."/var/lib/garage/data" = {

     

       43
       43
       +
           device = "/dev/disk/by-uuid/99607c97-0dc6-403e-b09a-7b40735f9176";

     

       44
       44
       +
           fsType = "xfs";

     

       45
       45
       +
         };

     

       46
       46
       +
       

     

       42
       47
        
         swapDevices = [

     

       43
       48
        
           { device = "/dev/disk/by-uuid/902b902d-3486-49de-9a58-7a079c9a090d"; }

     

       44
       49
        
         ];

+20

systems/koumakan/networking/firewall.nix

···

       16
       16
        
               from = 50000;

     

       17
       17
        
               to = 50100;

     

       18
       18
        
             }

     

       19
       19
       +
       

     

       20
       20
       +
             # minecraft

     

       21
       21
       +
             {

     

       22
       22
       +
               from = 25560;

     

       23
       23
       +
               to = 25599;

     

       24
       24
       +
             }

     

       19
       25
        
           ];

     

       20
       26
        
           allowedUDPPorts = [

     

       21
       27
        
             443 # https over quic (http3)

     

       28
       28
       +
           ];

     

       29
       29
       +
       

     

       30
       30
       +
           allowedUDPPortRanges = [

     

       31
       31
       +
             # more minecraft

     

       32
       32
       +
             {

     

       33
       33
       +
               from = 25560;

     

       34
       34
       +
               to = 25599;

     

       35
       35
       +
             }

     

       36
       36
       +
       

     

       37
       37
       +
             # plasmo voice

     

       38
       38
       +
             {

     

       39
       39
       +
               from = 55111;

     

       40
       40
       +
               to = 55199;

     

       41
       41
       +
             }

     

       22
       42
        
           ];

     

       23
       43
        
         };

     

       24
       44

+1 -1

systems/koumakan/services/ci/hydra/default.nix

···

       72
       72
        
       

     

       73
       73
        
             max_output_size = 5368709120 # 5 << 30 (5 GiB)

     

       74
       74
        
             upload_logs_to_binary_cache = true

     

       75
       75
       -
             store_uri = s3://nix-cache?scheme=https&endpoint=s3.soopy.moe&compression=zstd&parallel-compression=true&write-nar-listing=true&ls-compression=br&log-compression=br&region=ap-east-1&secret-key=${secrets.get "signing_key/v1"}

     

       75
       75
       +
             store_uri = s3://cache.soopy.moe?scheme=https&endpoint=s3.soopy.moe&compression=zstd&parallel-compression=true&write-nar-listing=true&ls-compression=br&log-compression=br&region=ap-east-1&secret-key=${secrets.get "signing_key/v1"}

     

       76
       76
        
       

     

       77
       77
        
             binary_cache_public_uri = https://cache.soopy.moe

     

       78
       78
        
             log_prefix = https://cache.soopy.moe/

+16 -20

systems/koumakan/services/databases/postgresql.nix

···

       19
       19
        
             host    all             all             ::1/128                 scram-sha-256

     

       20
       20
        
           '';

     

       21
       21
        
       

     

       22
       22
       -
           settings =

     

       23
       23
       -
             let

     

       24
       24
       -
               credsDir = "/run/credentials/postgresql.service";

     

       25
       25
       -
             in

     

       26
       26
       -
             {

     

       27
       27
       -
               listen_addresses = pkgs.lib.mkForce "*";

     

       28
       28
       -
               max_connections = 200;

     

       29
       29
       -
               password_encryption = "scram-sha-256";

     

       22
       22
       +
           settings = {

     

       23
       23
       +
             listen_addresses = pkgs.lib.mkForce "*";

     

       24
       24
       +
             max_connections = 200;

     

       25
       25
       +
             password_encryption = "scram-sha-256";

     

       30
       26
        
       

     

       31
       31
       -
               log_line_prefix = "%m [%p] %h ";

     

       32
       32
       -
               ssl = "on";

     

       33
       33
       -
               ssl_cert_file = "${credsDir}/cert.pem";

     

       34
       34
       -
               ssl_key_file = "${credsDir}/key.pem";

     

       27
       27
       +
             log_line_prefix = "%m [%p] %h ";

     

       28
       28
       +
             # ssl = "on";

     

       29
       29
       +
             # ssl_cert_file = "${credsDir}/cert.pem";

     

       30
       30
       +
             # ssl_key_file = "${credsDir}/key.pem";

     

       35
       31
        
       

     

       36
       36
       -
               log_hostname = true;

     

       37
       37
       -
               datestyle = "iso, dmy";

     

       38
       38
       -
               log_timezone = "Asia/Hong_Kong";

     

       39
       39
       -
               timezone = "Asia/Hong_Kong";

     

       40
       40
       -
               default_text_search_config = "pg_catalog.english";

     

       32
       32
       +
             log_hostname = true;

     

       33
       33
       +
             datestyle = "iso, dmy";

     

       34
       34
       +
             log_timezone = "Asia/Hong_Kong";

     

       35
       35
       +
             timezone = "Asia/Hong_Kong";

     

       36
       36
       +
             default_text_search_config = "pg_catalog.english";

     

       41
       37
        
       

     

       42
       42
       -
               max_wal_size = "2GB";

     

       43
       43
       -
               min_wal_size = "80MB";

     

       44
       44
       -
             };

     

       38
       38
       +
             max_wal_size = "2GB";

     

       39
       39
       +
             min_wal_size = "80MB";

     

       40
       40
       +
           };

     

       45
       41
        
         };

     

       46
       42
        
       

     

       47
       43
        
         users.users.postgres.useDefaultShell = lib.mkForce false;

+1 -1

systems/koumakan/services/proxies/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       1
        
       {

     

       3
       2
        
         imports = [

     

       4
       3
        
           ./nitter.nix

     

       5
       4
        
           ./searxng.nix

     

       6
       5
        
           ./minio.nix

     

       6
       6
       +
           ./nginx-stream.nix

     

       7
       7
        
         ];

     

       8
       8
        
       }

-46

systems/koumakan/services/proxies/minio.nix

···

       2
       2
        
         _utils,

     

       3
       3
        
         lib,

     

       4
       4
        
         config,

     

       5
       5
       -
         inputs,

     

       6
       5
        
         ...

     

       7
       6
        
       }:

     

       8
       7
        
       let

     
···

       35
       34
        
         systemd.services.minio.environment = {

     

       36
       35
        
           MINIO_BROWSER_REDIRECT_URL = "https://s3.soopy.moe/_static";

     

       37
       36
        
           MINIO_BROWSER_LOGIN_ANIMATION = "false";

     

       38
       38
       -
         };

     

       39
       39
       -
       

     

       40
       40
       -
         services.nginx.virtualHosts = {

     

       41
       41
       -
           "s3.soopy.moe" = _utils.mkSimpleProxy {

     

       42
       42
       -
             port = 26531;

     

       43
       43
       -
             extraConfig = {

     

       44
       44
       -
               extraConfig = ''

     

       45
       45
       -
                 client_max_body_size 32G;

     

       46
       46
       -
               '';

     

       47
       47
       -
       

     

       48
       48
       -
               locations."= /_static" = _utils.mkNginxFile {

     

       49
       49
       -
                 content = ''

     

       50
       50
       -
                   <!doctype html>

     

       51
       51
       -
                   <html lang="en">

     

       52
       52
       -
                   <head>

     

       53
       53
       -
                     <title>horrors of gensokyo</title>

     

       54
       54
       -
                     <style>

     

       55
       55
       -
                       :root {font-family: "monospace";}

     

       56
       56
       -
                     </style>

     

       57
       57
       -
                   </head>

     

       58
       58
       -
                   <body>

     

       59
       59
       -
                     <h1>gensokyo filedump - public buckets</h1>

     

       60
       60
       -
                     <ul>

     

       61
       61
       -
                       <li><a href="//cache.soopy.moe">nix-cache</a></li>

     

       62
       62
       -
                       <li>lwjgl-nix</li>

     

       63
       63
       -
                     </ul>

     

       64
       64
       -
                   </body>

     

       65
       65
       -
                   </html>

     

       66
       66
       -
                 '';

     

       67
       67
       -
               };

     

       68
       68
       -
             };

     

       69
       69
       -
           };

     

       70
       70
       -
       

     

       71
       71
       -
           "cache.soopy.moe" = _utils.mkVhost {

     

       72
       72
       -
             locations."/".proxyPass = "http://localhost:26531/nix-cache/";

     

       73
       73
       -
       

     

       74
       74
       -
             locations."= /" = {

     

       75
       75
       -
               tryFiles = "/listing.html =500";

     

       76
       76
       -
               root = inputs.mystia.packages.x86_64-linux.s3-listing.override {

     

       77
       77
       -
                 bucketName = "nix-cache";

     

       78
       78
       -
                 bucketUrl = "https://s3.soopy.moe/nix-cache/";

     

       79
       79
       -
                 bucketWebsiteUrl = "https://cache.soopy.moe";

     

       80
       80
       -
               };

     

       81
       81
       -
             };

     

       82
       82
       -
           };

     

       83
       37
        
         };

     

       84
       38
        
       

     

       85
       39
        
         systemd.services.vmagent.serviceConfig.LoadCredential = [

+44

systems/koumakan/services/proxies/nginx-stream.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         systemd.tmpfiles.settings."nginx-stream-log"."/var/log/nginx/stream"."d" = {

     

       3
       3
       +
           user = "nginx";

     

       4
       4
       +
           group = "nginx";

     

       5
       5
       +
           mode = "0750";

     

       6
       6
       +
         };

     

       7
       7
       +
         # NOTE: this doesn't work properly atm, we cba setting up routing stuff right now.

     

       8
       8
       +
         # systemd.services.nginx.serviceConfig = {

     

       9
       9
       +
         #   # needed for transparent proxying

     

       10
       10
       +
         #   CapabilityBoundingSet = ["CAP_NET_RAW"];

     

       11
       11
       +
         #   AmbientCapabilities = ["CAP_NET_RAW"];

     

       12
       12
       +
         # };

     

       13
       13
       +
       

     

       14
       14
       +
         services.nginx.streamConfig = ''

     

       15
       15
       +
           resolver 100.100.100.100;

     

       16
       16
       +
           # proxy_bind $remote_addr transparent;

     

       17
       17
       +
           proxy_connect_timeout 1s;

     

       18
       18
       +
           proxy_timeout 30s;

     

       19
       19
       +
       

     

       20
       20
       +
           log_format basic_stream '$remote_addr [$time_local] '

     

       21
       21
       +
                                   '$protocol $status $bytes_sent $bytes_received '

     

       22
       22
       +
                                   '$session_time';

     

       23
       23
       +
       

     

       24
       24
       +
           error_log /var/log/nginx/stream/error.log;

     

       25
       25
       +
           access_log /var/log/nginx/stream/access.log basic_stream;

     

       26
       26
       +
       

     

       27
       27
       +
           # data

     

       28
       28
       +
           server {

     

       29
       29
       +
             listen 25565-25599 reuseport;

     

       30
       30
       +
             proxy_pass renko.mist-nessie.ts.net:$server_port;

     

       31
       31
       +
           }

     

       32
       32
       +
       

     

       33
       33
       +
           # query sockets

     

       34
       34
       +
           server {

     

       35
       35
       +
             listen 25565-25599 udp reuseport;

     

       36
       36
       +
             proxy_pass renko.mist-nessie.ts.net:$server_port;

     

       37
       37
       +
           }

     

       38
       38
       +
           # voice

     

       39
       39
       +
           server {

     

       40
       40
       +
             listen 55111-55199 udp reuseport;

     

       41
       41
       +
             proxy_pass renko.mist-nessie.ts.net:$server_port;

     

       42
       42
       +
           }

     

       43
       43
       +
         '';

     

       44
       44
       +
       }

+2 -1

systems/koumakan/services/proxies/searxng.nix

···

       22
       22
        
       

     

       23
       23
        
         services.searx = {

     

       24
       24
        
           enable = true;

     

       25
       25
       -
           runInUwsgi = true;

     

       26
       25
        
           environmentFile = secrets.getTemplate "searxng.env";

     

       27
       26
        
           redisCreateLocally = true;

     

       27
       27
       +
       

     

       28
       28
       +
           configureUwsgi = true;

     

       28
       29
        
           uwsgiConfig = {

     

       29
       30
        
             http = "/run/searx/searxng.sock";

     

       30
       31
        
             chmod-socket = "660";

+3 -2

systems/koumakan/services/scm/forgejo.nix

···

       79
       79
        
               ENABLE_NOTIFY_MAIL = true;

     

       80
       80
        
               REGISTER_EMAIL_CONFIRM = true;

     

       81
       81
        
       

     

       82
       82
       -
               DISABLE_REGISTRATION = false;

     

       82
       82
       +
               DISABLE_REGISTRATION = false; # need to be false to enable any sort of reg.

     

       83
       83
       +
               ENABLE_INTERNAL_SIGNIN = true; # we have gatekeeper setup now and working, this can be turned off.

     

       83
       84
        
               ALLOW_ONLY_EXTERNAL_REGISTRATION = true;

     

       84
       85
        
       

     

       85
       86
        
               ENABLE_CAPTCHA = true;

     
···

       161
       162
        
             # Logging {{{

     

       162
       163
        
             log = {

     

       163
       164
        
               ROOT_PATH = "/var/log/forgejo/";

     

       164
       164
       -
               "logger.router.MODE" = "";

     

       165
       165
       +
               LOGGER_ROUTER_MODE = "";

     

       165
       166
        
             };

     

       166
       167
        
             # }}}

     

       167
       168

-7

systems/koumakan/services/scm/tangled-knot.nix

···

       1
       1
        
       {

     

       2
       2
        
         _utils,

     

       3
       3
       -
         config,

     

       4
       3
        
         ...

     

       5
       4
        
       }:

     

       6
       6
       -
       let

     

       7
       7
       -
         secrets = _utils.setupSecrets config {

     

       8
       8
       -
           namespace = "tangled";

     

       9
       9
       -
           secrets = [ "knot/key" ];

     

       10
       10
       -
         };

     

       11
       11
       -
       in

     

       12
       5
        
       {

     

       13
       6
        
         services.tangled-knotserver = {

     

       14
       7
        
           enable = true;

+20 -2

systems/koumakan/services/security/pocket-id.nix

···

       1
       1
        
       {

     

       2
       2
        
         _utils,

     

       3
       3
        
         config,

     

       4
       4
       -
         # lib,

     

       5
       4
        
         ...

     

       6
       5
        
       }:

     

       7
       6
        
       let

     
···

       23
       22
        
           enable = true;

     

       24
       23
        
       

     

       25
       24
        
           settings = {

     

       26
       26
       -
             PUBLIC_APP_URL = "https://gatekeeper.soopy.moe";

     

       25
       25
       +
             APP_URL = "https://gatekeeper.soopy.moe";

     

       26
       26
       +
             HOST = "127.0.0.1";

     

       27
       27
        
             TRUST_PROXY = true;

     

       28
       28
        
             PORT = "31411";

     

       29
       29
        
             KEYS_STORAGE = "database";

     
···

       35
       35
        
       

     

       36
       36
        
         services.nginx.virtualHosts."gatekeeper.soopy.moe" = _utils.mkSimpleProxy {

     

       37
       37
        
           port = 31411;

     

       38
       38
       +
       

     

       39
       39
       +
           extraConfig.locations."= /humans.txt" = _utils.mkNginxFile {

     

       40
       40
       +
             filename = "humans.txt";

     

       41
       41
       +
             content = ''

     

       42
       42
       +
               /* Credits */

     

       43
       43
       +
               Login Background: https://www.pixiv.net/artworks/122054405

     

       44
       44
       +
               You: for using our services

     

       45
       45
       +
       

     

       46
       46
       +
               /* People */

     

       47
       47
       +
               Administrator: soopyc

     

       48
       48
       +
               Contact: https://soopy.moe/about

     

       49
       49
       +
       

     

       50
       50
       +
               /* Service */

     

       51
       51
       +
               Software: Pocket ID

     

       52
       52
       +
               Deployed-With: NixOS

     

       53
       53
       +
               Security: https://soopy.moe/.well-known/security.txt

     

       54
       54
       +
             '';

     

       55
       55
       +
           };

     

       38
       56
        
         };

     

       39
       57
        
       }

systems/koumakan/services/storage/default.nix

···

       3
       3
        
           ./atuin.nix

     

       4
       4
        
           ./wastebin.nix

     

       5
       5
        
           ./backup.nix

     

       6
       6
       +
           ./garage.nix

     

       6
       7
        
           ./zipline.nix

     

       7
       8
        
         ];

     

       8
       9
        
       }

+143

systems/koumakan/services/storage/garage.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         _utils,

     

       3
       3
       +
         config,

     

       4
       4
       +
         lib,

     

       5
       5
       +
         pkgs,

     

       6
       6
       +
         ...

     

       7
       7
       +
       }:

     

       8
       8
       +
       let

     

       9
       9
       +
         secrets = _utils.setupSecrets config {

     

       10
       10
       +
           namespace = "garage";

     

       11
       11
       +
           secrets = [

     

       12
       12
       +
             "rpc_secret"

     

       13
       13
       +
             "admin_token"

     

       14
       14
       +
             "metrics_token"

     

       15
       15
       +
           ];

     

       16
       16
       +
           config.owner = "garage";

     

       17
       17
       +
         };

     

       18
       18
       +
       in

     

       19
       19
       +
       {

     

       20
       20
       +
         imports = [ secrets.generate ];

     

       21
       21
       +
       

     

       22
       22
       +
         users = {

     

       23
       23
       +
           users.garage = {

     

       24
       24
       +
             isSystemUser = true;

     

       25
       25
       +
             group = "garage";

     

       26
       26
       +
           };

     

       27
       27
       +
           groups.garage = { };

     

       28
       28
       +
         };

     

       29
       29
       +
       

     

       30
       30
       +
         services.garage = {

     

       31
       31
       +
           enable = true;

     

       32
       32
       +
           package = pkgs.garage_2;

     

       33
       33
       +
       

     

       34
       34
       +
           settings = {

     

       35
       35
       +
             metadata_dir = "/var/lib/garage/meta";

     

       36
       36
       +
             metadata_snapshots_dir = "/var/lib/garage/snapshots";

     

       37
       37
       +
             data_dir = "/var/lib/garage/data";

     

       38
       38
       +
             db_engine = "sqlite";

     

       39
       39
       +
             metadata_auto_snapshot_interval = "6h";

     

       40
       40
       +
       

     

       41
       41
       +
             replication_factor = 1; # we only have the resources for a single node atm.

     

       42
       42
       +
             compression_level = 4;

     

       43
       43
       +
       

     

       44
       44
       +
             s3_api = {

     

       45
       45
       +
               s3_region = "ap-east-1";

     

       46
       46
       +
               api_bind_addr = "[::1]:39930";

     

       47
       47
       +
               root_domain = ".s3.soopy.moe";

     

       48
       48
       +
             };

     

       49
       49
       +
       

     

       50
       50
       +
             # this is needed because garage apparently still doesn't support anon access via path based api, so this is more like a hack than anything atm.

     

       51
       51
       +
             s3_web = {

     

       52
       52
       +
               bind_addr = "[::1]:39939";

     

       53
       53
       +
               root_domain = ".s3web.soopy.moe";

     

       54
       54
       +
             };

     

       55
       55
       +
       

     

       56
       56
       +
             rpc_bind_addr = "100.100.16.16:39931";

     

       57
       57
       +
             rpc_public_addr = "koumakan.mist-nessie.ts.net:39931";

     

       58
       58
       +
             rpc_secret_file = secrets.get "rpc_secret";

     

       59
       59
       +
       

     

       60
       60
       +
             admin = {

     

       61
       61
       +
               api_bind_addr = "100.100.16.16:39932";

     

       62
       62
       +
               admin_token_file = secrets.get "admin_token";

     

       63
       63
       +
               metrics_token_file = secrets.get "metrics_token";

     

       64
       64
       +
             };

     

       65
       65
       +
           };

     

       66
       66
       +
         };

     

       67
       67
       +
       

     

       68
       68
       +
         systemd.tmpfiles.settings."50-garage-init"."/var/lib/garage"."d" = {

     

       69
       69
       +
           user = "garage";

     

       70
       70
       +
           group = "garage";

     

       71
       71
       +
           mode = "0700";

     

       72
       72
       +
         };

     

       73
       73
       +
       

     

       74
       74
       +
         systemd.services.garage.serviceConfig = {

     

       75
       75
       +
           DynamicUser = false; # we need to use a mounted filesystem and systemd explodes when i already have a mountpoint at /var/lib/garage/data.

     

       76
       76
       +
           User = config.users.users.garage.name;

     

       77
       77
       +
           Group = config.users.groups.garage.name;

     

       78
       78
       +
           Restart = "on-failure";

     

       79
       79
       +
           StateDirectory = lib.mkForce null; # this somehow breaks mounting dirs into /var/lib; systemd complains about id-mapped mount: device or resource busy

     

       80
       80
       +
         };

     

       81
       81
       +
       

     

       82
       82
       +
         services.nginx.virtualHosts.".s3.soopy.moe" = _utils.mkSimpleProxy {

     

       83
       83
       +
           port = 39930;

     

       84
       84
       +
           extraConfig = {

     

       85
       85
       +
             useACMEHost = "s3.soopy.moe";

     

       86
       86
       +
             extraConfig = ''

     

       87
       87
       +
               client_max_body_size 32G;

     

       88
       88
       +
               proxy_max_temp_file_size 0;

     

       89
       89
       +
             '';

     

       90
       90
       +
       

     

       91
       91
       +
             locations."= /_static" = _utils.mkNginxFile {

     

       92
       92
       +
               content = ''

     

       93
       93
       +
                 <!doctype html>

     

       94
       94
       +
                 <html lang="en">

     

       95
       95
       +
                 <head>

     

       96
       96
       +
                   <title>horrors of gensokyo</title>

     

       97
       97
       +
                   <style>

     

       98
       98
       +
                     :root {font-family: "monospace";}

     

       99
       99
       +
                   </style>

     

       100
       100
       +
                 </head>

     

       101
       101
       +
                 <body>

     

       102
       102
       +
                   <h1>gensokyo filedump - public buckets</h1>

     

       103
       103
       +
                   <ul>

     

       104
       104
       +
                     <li><a href="//cache.soopy.moe">nix-cache</a></li>

     

       105
       105
       +
                     <li>lwjgl-nix</li>

     

       106
       106
       +
                   </ul>

     

       107
       107
       +
                 </body>

     

       108
       108
       +
                 </html>

     

       109
       109
       +
               '';

     

       110
       110
       +
             };

     

       111
       111
       +
           };

     

       112
       112
       +
         };

     

       113
       113
       +
       

     

       114
       114
       +
         services.nginx.virtualHosts."*.s3web.soopy.moe" = _utils.mkSimpleProxy {

     

       115
       115
       +
           port = 39939;

     

       116
       116
       +
           extraConfig.useACMEHost = "s3.soopy.moe";

     

       117
       117
       +
         };

     

       118
       118
       +
       

     

       119
       119
       +
         systemd.services.vmagent.serviceConfig.LoadCredential = [

     

       120
       120
       +
           "garage_token:${secrets.get "metrics_token"}"

     

       121
       121
       +
         ];

     

       122
       122
       +
       

     

       123
       123
       +
         services.vmagent.prometheusConfig.scrape_configs = lib.singleton {

     

       124
       124
       +
           job_name = "garage-job";

     

       125
       125
       +
           scheme = "http";

     

       126
       126
       +
           static_configs = lib.singleton { targets = lib.singleton "localhost:39932"; };

     

       127
       127
       +
           relabel_configs = lib.singleton {

     

       128
       128
       +
             target_label = "instance";

     

       129
       129
       +
             replacement = config.networking.fqdnOrHostName;

     

       130
       130
       +
           };

     

       131
       131
       +
       

     

       132
       132
       +
           # https://github.com/NixOS/nixpkgs/issues/367447

     

       133
       133
       +
           # https://docs.victoriametrics.com/sd_configs/#scrape_configs

     

       134
       134
       +
           # hard coding because we can't use %{ENV_VAR} syntax (yet) when checking.

     

       135
       135
       +
           bearer_token_file = "/run/credentials/vmagent.service/garage_token";

     

       136
       136
       +
         };

     

       137
       137
       +
       

     

       138
       138
       +
         ##################### NAMED BUCKETS WITH WEB HOSTING ###########################

     

       139
       139
       +
       

     

       140
       140
       +
         services.nginx.virtualHosts."cache.soopy.moe" = _utils.mkSimpleProxy {

     

       141
       141
       +
           port = 39939;

     

       142
       142
       +
         };

     

       143
       143
       +
       }

+8 -1

systems/koumakan/services/storage/zipline.nix

···

       31
       31
        
           settings = {

     

       32
       32
        
             CORE_PORT = 34638;

     

       33
       33
        
             DATASOURCE_TYPE = "s3";

     

       34
       34
       -
             DATASOURCE_S3_BUCKET = "zipline";

     

       34
       34
       +
             DATASOURCE_S3_BUCKET = "zipline-01";

     

       35
       35
        
             DATASOURCE_S3_REGION = "ap-east-1";

     

       36
       36
        
             DATASOURCE_S3_ENDPOINT = "https://s3.soopy.moe";

     

       37
       37
        
             DATASOURCE_S3_FORCE_PATH_STYLE = "true";

     

       38
       38
       +
       

     

       39
       39
       +
             FEATURES_OAUTH_REGISTRATION = "true";

     

       38
       40
        
           };

     

       39
       41
        
         };

     

       40
       42
        
       

     
···

       43
       45
        
           extraConfig.extraConfig = ''

     

       44
       46
        
             client_max_body_size 100M;

     

       45
       47
        
           '';

     

       48
       48
       +
         };

     

       49
       49
       +
       

     

       50
       50
       +
         systemd.services.zipline.serviceConfig = {

     

       51
       51
       +
           Restart = "on-failure";

     

       52
       52
       +
           RestartSec = "10s";

     

       46
       53
        
         };

     

       47
       54
        
       }

systems/koumakan/services/telemetry/grafana/dashboards/garage.json

···

       1
       1
       +
       {"__inputs":[{"name":"DS_DS_PROMETHEUS","label":"DS_PROMETHEUS","description":"","type":"datasource","pluginId":"prometheus","pluginName":"Prometheus"}],"__elements":{},"__requires":[{"type":"grafana","id":"grafana","name":"Grafana","version":"9.2.0"},{"type":"datasource","id":"prometheus","name":"Prometheus","version":"1.0.0"},{"type":"panel","id":"timeseries","name":"Time series","version":""}],"annotations":{"list":[{"builtIn":1,"datasource":{"type":"datasource","uid":"grafana"},"enable":true,"hide":true,"iconColor":"rgba(0, 211, 255, 1)","name":"Annotations & Alerts","target":{"limit":100,"matchAny":false,"tags":[],"type":"dashboard"},"type":"dashboard"}]},"editable":true,"fiscalYearStartMonth":0,"graphTooltip":0,"id":null,"links":[],"liveNow":false,"panels":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":24,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"Bps"},"overrides":[]},"gridPos":{"h":9,"w":8,"x":0,"y":0},"id":10,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"sum(rate(block_bytes_read{job=\"garage\"}[$__rate_interval])    )","hide":false,"interval":"","legendFormat":"Disk bytes read","refId":"A"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"-sum(rate(block_bytes_written{job=\"garage\"}[$__rate_interval])    )","hide":false,"interval":"","legendFormat":"Disk bytes written","refId":"B"}],"title":"Disk I/O","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"reqps"},"overrides":[]},"gridPos":{"h":9,"w":8,"x":8,"y":0},"id":3,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"editorMode":"code","exemplar":true,"expr":"sum by (api_endpoint) (rate(api_s3_request_counter {job=\"garage\"}[$__rate_interval]))","hide":false,"interval":"","legendFormat":"{{api_endpoint}}","range":true,"refId":"A"}],"title":"API requests","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"reqps"},"overrides":[]},"gridPos":{"h":9,"w":8,"x":16,"y":0},"id":9,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"sum(rate(web_request_counter {job=\"garage\"}[$__rate_interval]))","hide":false,"interval":"","legendFormat":"Web request rate","refId":"A"}],"title":"Web requests","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"reqps"},"overrides":[]},"gridPos":{"h":8,"w":8,"x":0,"y":9},"id":2,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"sum by (rpc_endpoint) (rate(rpc_request_counter {job=\"garage\"}[$__rate_interval]))","hide":false,"interval":"","legendFormat":"{{rpc_endpoint}}","refId":"A"}],"title":"RPC requests","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"reqps"},"overrides":[]},"gridPos":{"h":8,"w":8,"x":8,"y":9},"id":4,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"editorMode":"code","exemplar":true,"expr":"sum by (api_endpoint, status_code) (rate(api_s3_error_counter {job=\"garage\"}[$__rate_interval]))","hide":false,"interval":"","legendFormat":"{{api_endpoint}} {{status_code}}","range":true,"refId":"A"}],"title":"API errors","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]},"unit":"reqps"},"overrides":[]},"gridPos":{"h":8,"w":8,"x":16,"y":9},"id":11,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"sum by(status_code) (rate(web_error_counter {job=\"garage\"}[$__rate_interval]))","hide":false,"interval":"","legendFormat":"{{status_code}}","refId":"A"}],"title":"Web errors","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]}},"overrides":[{"__systemRef":"hideSeriesFrom","matcher":{"id":"byNames","options":{"mode":"exclude","names":["10.83.2.3:3903"],"prefix":"All except:","readOnly":true}},"properties":[{"id":"custom.hideFrom","value":{"legend":false,"tooltip":false,"viz":true}}]}]},"gridPos":{"h":8,"w":8,"x":0,"y":17},"id":6,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"block_resync_queue_length{job=\"garage\"}","interval":"","legendFormat":"{{instance}}","refId":"A"}],"title":"Resync queue length","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]}},"overrides":[]},"gridPos":{"h":8,"w":8,"x":8,"y":17},"id":7,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"sum by(table_name) (table_gc_todo_queue_length{job=\"garage\"})","interval":"","legendFormat":"{{ table_name}}","refId":"A"}],"title":"Table GC queue length","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]}},"overrides":[]},"gridPos":{"h":8,"w":8,"x":16,"y":17},"id":8,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"sum by(table_name) (table_merkle_updater_todo_queue_length{job=\"garage\"})","interval":"","legendFormat":"{{ table_name}}","refId":"A"}],"title":"Table Merkle updater queue length","type":"timeseries"},{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"fieldConfig":{"defaults":{"color":{"mode":"palette-classic"},"custom":{"axisCenteredZero":false,"axisColorMode":"text","axisLabel":"","axisPlacement":"auto","barAlignment":0,"drawStyle":"line","fillOpacity":0,"gradientMode":"none","hideFrom":{"legend":false,"tooltip":false,"viz":false},"lineInterpolation":"linear","lineWidth":1,"pointSize":5,"scaleDistribution":{"type":"linear"},"showPoints":"auto","spanNulls":false,"stacking":{"group":"A","mode":"none"},"thresholdsStyle":{"mode":"off"}},"mappings":[],"thresholds":{"mode":"absolute","steps":[{"color":"green","value":null},{"color":"red","value":80}]}},"overrides":[]},"gridPos":{"h":8,"w":8,"x":0,"y":25},"id":12,"options":{"legend":{"calcs":[],"displayMode":"list","placement":"bottom","showLegend":true},"tooltip":{"mode":"single","sort":"none"}},"targets":[{"datasource":{"type":"prometheus","uid":"${DS_DS_PROMETHEUS}"},"exemplar":true,"expr":"block_resync_errored_blocks{job=\"garage\"}","interval":"","legendFormat":"{{instance}}","refId":"A"}],"title":"Resync errored blocks","type":"timeseries"}],"refresh":"30s","schemaVersion":37,"style":"dark","tags":[],"templating":{"list":[]},"time":{"from":"now-6h","to":"now"},"timepicker":{},"timezone":"","title":"Garage","uid":"ys3pnpZ4k","version":26,"weekStart":""}

+1 -19

systems/renko/configuration.nix

···

       43
       43
        
         ];

     

       44
       44
        
       

     

       45
       45
        
         networking.firewall = {

     

       46
       46
       -
           allowedTCPPorts = [ 59153 ];

     

       47
       47
       -
           allowedTCPPortRanges = [

     

       48
       48
       -
             {

     

       49
       49
       -
               from = 25560;

     

       50
       50
       -
               to = 25570;

     

       51
       51
       -
             }

     

       52
       52
       -
           ];

     

       53
       53
       -
           allowedUDPPortRanges = [

     

       54
       54
       -
             {

     

       55
       55
       -
               from = 25560;

     

       56
       56
       -
               to = 25570;

     

       57
       57
       -
             }

     

       58
       58
       -
       

     

       59
       59
       -
             # plasmo voice

     

       60
       60
       -
             {

     

       61
       61
       -
               from = 55111;

     

       62
       62
       -
               to = 55199;

     

       63
       63
       -
             }

     

       64
       64
       -
           ];

     

       46
       46
       +
           allowedTCPPorts = [ 59153 5515 ];

     

       65
       47
        
         };

     

       66
       48
        
       

     

       67
       49
        
         # muh unfree software!!!!!!!!!!!!!!!!!!

+1 -1

systems/renko/services/forgejo-runner.nix

···

       15
       15
        
         imports = lib.singleton secrets.generate;

     

       16
       16
        
       

     

       17
       17
        
         services.gitea-actions-runner = {

     

       18
       18
       -
           package = pkgs.forgejo-actions-runner;

     

       18
       18
       +
           package = pkgs.forgejo-runner;

     

       19
       19
        
           instances.default = {

     

       20
       20
        
             enable = true;

     

       21
       21
        
             name = "renko-default";

+10

systems/satori/configuration.nix

···

       73
       73
        
           pkgs.prismlauncher

     

       74
       74
        
         ];

     

       75
       75
        
       

     

       76
       76
       +
         # TODO: make this a trait

     

       77
       77
       +
         virtualisation.docker = {

     

       78
       78
       +
           enable = true;

     

       79
       79
       +
           storageDriver = "btrfs";

     

       80
       80
       +
         };

     

       81
       81
       +
       

     

       82
       82
       +
         users.groups.docker.members = [

     

       83
       83
       +
           "cassie"

     

       84
       84
       +
         ];

     

       85
       85
       +
       

     

       76
       86
        
         zramSwap.enable = true;

     

       77
       87
        
       

     

       78
       88
        
         # muh unfree software!!!!!!!!!!!!!!!!!!

+4 -2

users/cassie/default.nix

···

       1
       1
       -
       { ... }:

     

       2
       1
        
       {

     

       3
       2
        
         users.users.cassie = {

     

       4
       3
        
           isNormalUser = true;

     

       5
       5
       -
           extraGroups = [ "wheel" ];

     

       4
       4
       +
           extraGroups = [

     

       5
       5
       +
             "wheel"

     

       6
       6
       +
             "dialout" # esp programming

     

       7
       7
       +
           ];

     

       6
       8
        
           openssh = {

     

       7
       9
        
             authorizedKeys.keyFiles = [ ../../creds/ssh/users/cassie ];

     

       8
       10
        
           };

users/cassie/ephemeral/vscode/extension.json

···

       12
       12
        
         "hossaini.bootstrap-intellisense",

     

       13
       13
        
         "inlang.vs-code-extension",

     

       14
       14
        
         "jnoortheen.nix-ide",

     

       15
       15
       +
         "llvm-vs-code-extensions.vscode-clangd",

     

       15
       16
        
         "minecraftcommands.syntax-mcfunction",

     

       16
       17
        
         "mkhl.direnv",

     

       17
       18
        
         "ms-python.debugpy",

+16 -14

users/cassie/home/dev/git.nix

···

       8
       8
        
         programs.git = lib.mkMerge [

     

       9
       9
        
           {

     

       10
       10
        
             enable = true;

     

       11
       11
       -
             userName = "Sophie Cheung";

     

       12
       12
       -
             userEmail = "me@soopy.moe";

     

       13
       11
        
       

     

       14
       14
       -
             # difftastic.enable = true;

     

       15
       15
       -
             # delta.enable = true;

     

       16
       16
       -
             diff-so-fancy = {

     

       17
       17
       -
               enable = true;

     

       18
       18
       -
               stripLeadingSymbols = false;

     

       12
       12
       +
             settings = {

     

       13
       13
       +
               user.name = "Sophie Cheung";

     

       14
       14
       +
               user.email = "git@soopy.moe";

     

       19
       15
        
             };

     

       20
       16
        
           }

     

       21
       17
        
       

     

       22
       18
        
           (lib.mkIf traits.gui {

     

       23
       23
       -
             signing = {

     

       24
       24
       -
               signByDefault = true;

     

       25
       25
       -
               key = inputs.self + "/creds/ssh/auth";

     

       26
       26
       -
             };

     

       27
       27
       -
       

     

       28
       28
       -
             extraConfig = {

     

       19
       19
       +
             settings = {

     

       29
       20
        
               gpg.format = "ssh";

     

       21
       21
       +
               commit.gpgSign = true;

     

       22
       22
       +
               tag.gpgSign = true;

     

       23
       23
       +
       

     

       24
       24
       +
               user.signingKey = inputs.self + "/creds/ssh/auth";

     

       30
       25
        
             };

     

       31
       26
        
           })

     

       32
       27
        
         ];

     

       33
       28
        
       

     

       29
       29
       +
         programs.diff-so-fancy = {

     

       30
       30
       +
           enable = true;

     

       31
       31
       +
           enableGitIntegration = true;

     

       32
       32
       +
       

     

       33
       33
       +
           settings.stripLeadingSymbols = false;

     

       34
       34
       +
         };

     

       35
       35
       +
       

     

       34
       36
        
         home.shellAliases = {

     

       35
       37
        
           # redo previous commit when something explodes, like my key died or something

     

       36
       36
       -
           gcmm = "git commit -eF .git/COMMIT_EDITMSG";

     

       38
       38
       +
           gcmm = "git commit -eF .git/COMMIT_EDITMSG"; # FIXME: strip the thing after ------ 8< ------

     

       37
       39
        
         };

     

       38
       40
        
       }

+11 -2

users/cassie/home/dev/ssh.nix

···

       2
       2
        
       {

     

       3
       3
        
         programs.ssh = {

     

       4
       4
        
           enable = true;

     

       5
       5
       -
           hashKnownHosts = true;

     

       6
       6
       -
           forwardAgent = true;

     

       5
       5
       +
           enableDefaultConfig = false; # silent warning

     

       7
       6
        
       

     

       8
       7
        
           matchBlocks = {

     

       9
       8
        
             # most intuitive design /s

     
···

       23
       22
        
               user = "forgejo";

     

       24
       23
        
               identitiesOnly = true;

     

       25
       24
        
               identityFile = "~/.ssh/id_minecraft_backup";

     

       25
       25
       +
             };

     

       26
       26
       +
       

     

       27
       27
       +
             "*" = {

     

       28
       28
       +
               forwardAgent = true;

     

       29
       29
       +
               compression = false;

     

       30
       30
       +
               serverAliveInterval = 0;

     

       31
       31
       +
               serverAliveCountMax = 3;

     

       32
       32
       +
               hashKnownHosts = true;

     

       33
       33
       +
               userKnownHostsFile = "~/.ssh/known_hosts";

     

       34
       34
       +
               # visualHostKey = true; # if this doesn't work im moving to hjem

     

       26
       35
        
             };

     

       27
       36
        
           };

     

       28
       37

Compare changes